This week’s phishing news headlines cover a wide range of cyberattacks on organizations and institutions, highlighting the importance of adopting phishing prevention best practices to stay safe from the latest cyberattacks.


Ransomware Hits Arthur J. Gallagher (AJG)

Arthur J. Gallagher (AJG) is a Fortune 500 firm providing risk management and global insurance brokerage services. An unidentified ransomware gang accessed its network between 3rd June 2020 and 26th September 2020, and this exposed the personal information of around 7,376 individuals. AJG is now informing all affected individuals of the incident via breach notification letters. The firm has also informed the data regulatory authorities and is currently working with cybersecurity and forensic specialists to investigate the attack.

The compromised information includes individuals’ usernames, passwords, DOB, government identification numbers, tax identification numbers, employee identification numbers, licenses, credit card information, medical information, electronic signatures, health insurance information, and biometric information. AJG will be providing two years of free credit monitoring to all victims and has urged them to take necessary phishing attack prevention measures.


Kaseya Attack Impacts 800 Coop Stores In Sweden

While just 50 of Kaseya’s clients were affected in the recent REvil ransomware attack, most of these customers were managed service providers (MSPs) who, in turn, have thousands of customers. Thus the impact chain of the Kaseya attack expands to thousands of companies across the globe, and one among these is one of Sweden’s largest supermarket store chains – Coop.

Of the 800+ Coop stores across the country, 800 stores were shut down on 2nd July 2021, in the aftermath of the Kaseya attack. Only 5 Coop stores remained unaffected by this massive attack, for which Coop blames one of its suppliers. Coop adopted necessary phishing protection measures after the incident and posted about the incident on its website.


WSSC Water Swiftly Handles Ransomware Attack

WSSC Water is a US water company that underwent a ransomware attack on 24th May 2021. Within hours of detecting the attack, WSSC had removed the malware and the threat factors. However, it’s only now that WSSC is investigating the attack in detail. It has informed the state and local homeland security officials, the FBI, and the Maryland Attorney General.

Fortunately, WSSC had foreseen such an incident, since ransomware attacks are common, and was able to handle it well and restore systems using data backups. Water quality wasn’t affected by this attack, and WSSC continues to deliver safe and clean water to 1.8 million customers. WSSC says that it was prepared to prevent phishing attacks but urges customers to be cautious. It will be providing five years of free credit monitoring with $1,000,000 in identity theft insurance to all affected people.


16k L&I Workers’ Data Compromised

Pacific Market Research (PMR) underwent a ransomware attack on 22nd May 2021, which affected the files of one of its clients – the Washington state Department of Labor and Industries (L&I). Consequently, the personal information of over 16,466 L&I workers was compromised. These details included the claim numbers, contact information, and dates of birth of the workers who had compensation claims in 2019. PMR had used this data to conduct a customer service survey on behalf of L&I and forgot to re-encrypt it after the survey.

While PMR notified L&I about the security incident on 4th June, the same was conveyed to the workers a month later on 1st July 2021. Investigations were conducted in the interim to determine the scope of the attack. As part of its anti-phishing measures, PMR also set up a call center to respond to queries about the incident.

No other L&I or PMR computer systems and files were accessed or compromised in the breach. PMR usually encrypts all its confidential client data, but they somehow overlooked the L&I file, and the consequence was the breach. PMR is now taking additional security measures and rechecking its strategies before resuming customer surveys.


Data Breach Hits New Social Media Platform GETTR

GETTR is a new social media platform recently launched by Donald Trump’s team members. Just days after its launch, cyber adversaries have leaked the non-public information belonging to over 90k users. Data was collected on 1st July and 5th July and then dumped on the hacking forum RAID for free download. The first batch of data was collected by scraping the site, whereas the second batch was collected by exploiting unprotected GETTR API endpoints.

The compromised user information included the real names, site usernames, profile descriptions, and other public information. It also included non-public user information such as birth year, email address, and location information. The adversaries defaced the GETTR accounts of several high-profile Republican figures like Jason Miller (former Trump spokesperson and GETTR’s founder), Mike Pompeo (former Secretary of State), Steve Bannon (former Trump campaign chief), and Marjorie Taylor Greene (Georgia Rep.). As GETTR avoids commenting on the incident, GETTR users are recommended to get anti-phishing protection at the earliest.


Data Breach Hits Northwestern Memorial Healthcare

The clinical information of Northwestern Memorial HealthCare (NMHC) providers’ patients was exposed in a recent data breach at Elekta. Elekta is a third-party cloud service provider handling legally required cancer reporting to the State of Illinois for NMHC.

Although NMHC isn’t directly responsible for the attack, it regrets the cybersecurity risk caused to patients and is reconsidering its association with Elekta. The healthcare provider has stated that the adversaries accessed the database containing patients’ names, Social Security numbers, DOB, medical record numbers, health insurance information, and cancer treatment-related clinical information.

Fortunately, no financial information was compromised in this breach. But NMHC urges all patients to be cautious and adopt phishing prevention measures. It has extended free credit monitoring services to all patients with compromised Social Security numbers. NMHC’s internal networks and systems remain unaffected.


Data Breach At Third-Party Vendor Affects Morgan Stanley

Guidehouse is a third-party vendor providing account maintenance services to the investment banking firm Morgan Stanley. Guidehouse’s Accellion FTA server was hacked in January, and investigations revealed its impact on Morgan Stanley in May. Consequently, the information belonging to Morgan Stanley stock plan participants was compromised.

Although Guidehouse had fixed the vulnerability within five days of detection in March, the impact on Morgan Stanley was detected two months later. To date, there is no evidence of the stolen Morgan Stanley data being leaked online. The compromised information includes the Morgan Stanley stock plan participants’ names, DOB, Social Security numbers, addresses, and corporate company names.

In its data breach notification letters to victims, Morgan Stanley specified that there had been no security incident in its servers. The Morgan Stanley files stored on the Guidehouse Accellion FTA server were encrypted. Still, the adversaries also accessed the decryption key, which negates the prospect of any protection from phishing attacks.


Phoenix CryptoLocker Attacks CNA Financial Corporation

Leading US insurance company CNA Financial Corporation underwent a ransomware attack on 21st March 2021, and Phoenix CryptoLocker is behind the attack. In its breach notification letter to customers, CNA mentions that its servers were accessed various times between 5th March and 21st March 2021. The adversaries copied some of CNA’s information during this period before they finally deployed the ransomware.

As per reports, data belonging to 75,349 individuals was compromised in this breach, which included their names, Social Security numbers, and information related to health benefits (in some cases). A majority of the victims were CNA’s former and current employees, contract workers, and dependents.

The enterprise is offering two years of free fraud protection services and credit monitoring to the affected individuals. As part of its anti-phishing solutions, CNA has also established a toll-free hotline to answer queries related to the incident. CNA claims to have restored its systems two months ago and is now operating without interruptions.